Professional Documents
Culture Documents
Cyber Security Project For Safe and Security Network Services
Cyber Security Project For Safe and Security Network Services
net/publication/334549790
CITATIONS READS
0 17,786
1 author:
Tetsuya Nakagawa
NTT Advertizing
3 PUBLICATIONS 0 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Tetsuya Nakagawa on 19 July 2019.
include matching the needs of Group corporations to prise network access control system is called
the seeds of NTT Laboratories and promoting mea- SENACS. It lets system administrators perform
sures to cope with security-related issues common to centralized user management spanning multiple
the entire NTT Group. The main needs are for securi- access networks and lets users connect to the inter-
ty technology and know-how about IP networks that nal corporate LAN safely without changing com-
will help system operators manage the system stably. plicated terminal settings (Fig. 2). It has three main
The project’s main activities and results are described features: 1) Regardless of the location from which
in Section 2. By continually observing trends in the an employee connects to the intranet, SENACS
world at large from a sociological perspective, the automatically selects the optimum communication
Project works to ascertain the types of security-relat- protocol; 2) no manual setup is required for net-
ed businesses that will be in demand in the future and work profiles (layer 2/3) for each different terminal
understand the direction of current technological or access line, except for an initial installation of
development. Section 3 explains some achievements terminal software and user profile; and 3) by inter-
up to FY 2004. linking to a commercial quarantine system, infect-
ed or untested terminals are isolated from the
2. Security development coordination activities intranet.
To let corporate customers use such advanced
Common patterns in coordination activities can be technology without confusion, security producers
organized according to their purpose. There are three integrate it with complementary systems that are
patterns: (1) commercializing technology seeds in commercially available, such as a quarantine sys-
NTT Laboratories, (2) organizing and implementing tem and an authentication VLAN (virtual LAN).
security know-how within NTT Group, and (3) pro- Moreover, this integrated solution is provided to
moting security measures for NTT Group businesses. enterprises along with the know-how needed to
Typical activities for each pattern are described introduce the system while keeping any changes to
below. customers’ legacy infrastructures to the absolute
minimum.
Pattern (1): Cultivating and commercializing Pattern (1-2) Commercializing time authentication
applications of security technologies created in and time delivery technologies
NTT Laboratories The so-called E-Document Law was ratified by
Pattern (1-1) Applying technology for centralized the Diet in autumn 2004 and took effect in April
network profile management to business 2005. This law allows companies to store tax-relat-
In recent years, the computing environment has ed and other official documents in digital format,
changed due to an increase in remote access and instead of only being allowed to use paper docu-
mobile terminals and the severe damage caused by ments as in the past. Keidanren (Japan Business
viruses from terminals connected to the Internet Federation) expects the economic effects of this
(especially via corporate local area networks change to be as high as 300 billion yen. However,
(LANs)). The security management and surveil- in order to store documents electronically under the
lance systems needed to manage terminals and E-Document Law, it is necessary to construct an
LAN connections are also growing more and more infrastructure including document management
complex and sophisticated. Along with these applications and additional functions, such as a
changes, hidden problems have come to light, such time authentication (timestamp) function and a
as the difficulty of managing user registration and traceable time delivery function. A time authentica-
updates for systems individually introduced to the tion function associates a specific time with each
network and the significant complexity of system digital document and can prove that the document
settings that needed to be made by the users them- has not been changed after storage. A traceable
selves. time delivery function announces the correct time
To respond to such issues, NTT Laboratories to the entire network and can be used to confirm the
developed technology for centrally managing pro- precision with which time announcements were
file settings for each of the user terminals and dif- transmitted in the past. To enable each NTT Group
ferent access networks (e.g., wired LAN, wireless company to efficiently develop the document stor-
LAN, RAS (remote access server), and Internet age management and other related businesses,
VPN (virtual private network)). This secure enter- security producers coordinate activities among
Quarantine network
Local IP network
Authentication
VLAN
Conference Hot-spot Hotel, station,
room wireless LAN etc.
Intra-office
wireless LAN
mopera or ISP
Intra-office
wired LAN
Branch office PHS or Internet cafe,
mobile phone etc.
ISP: Internet service provider mopera: mobile operation radio assistant. NTT Docomo’s
PHS: personal handy-phone service Internet connection service for mobile terminals.
Access lines (WAN): fixed phone, mobile phone, hot-spot wireless LAN, ADSL, and HTTP
Networks (LANs): wired LAN (authentication VLAN) and wireless LAN (IEEE802.11b, 802.1x)
Protocols: PPP, PPPoE, IPsec, 802.1x (EAP-TTLS, EAP-TLS)
Note: combinations are available, e.g., 802.1x/PPPoE/IPsec for a hot-spot wireless LAN or PPPoE/IPsec for ADSL
Fig. 2. Overview of the secure enterprise network access control system (SENACS).
est technologies, and the rules and organizational educational programs, inspection check sheets and
structures for corporate compliance (Table 2). This other resources to strengthen the information secu-
knowledge base is being used to inspect and rity infrastructure within the NTT Group.
strengthen the information management systems of Pattern (2-2) Creating encryption usage guidelines
the NTT Group and also as a way to recommend Encryption is now used frequently by Internet
tools to customers. Based on the results of these users. For example, SSL (secure socket layer) con-
activities, efforts are also being made to develop nections are used to protect personal information
Safety of encryption techniques degrades steadily when their specifications and assessments are open to the public.
Radical degradation of safety is possible when they are not open to the public.
Countermeasures
Dangerous zone are provided
Time
when making online transactions or when encrypt- example, the DES algorithm, which is well known
ing electronic documents. NTT Laboratories start- for its use over many years, is not among those on
ed research into encryption algorithms a long time Japan’s e-government recommended encryption
ago. And algorithms proposed by NTT such as algorithm list.
Camellia and PSEC-KEM have been selected for To deal with this challenge, security producers
Japan’s e-government recommended encryption have developed comprehensive guidelines based
algorithm list. They have also been designated as on the insights of the NTT Laboratories specifying
selected encryption algorithms in Europe’s procedures for the selection of appropriate encryp-
NESSIE project (new European schemes for signa- tion algorithms. By referring to these guidelines, all
tures, integrity and encryption). technologists in the NTT Group using encryption
However, improvements in computing perfor- technology and related products can accurately
mance and the appearance of new decryption tech- understand the safety level of their system and
nologies may sometimes make it possible to break properly select and use encryption technology. At
encryption schemes. In that case, to prolong the the same time, these guidelines help security man-
safety of products and services, system designers agers anticipate how current encryption methods
must replace the encryption algorithm or system could endanger a service on offer and implement
with a more advanced or secure one (Fig. 3). For protective measures before failures occur (Fig. 4).
Safety of encryption algorithms Judge the need to replace Provide alternative encryption
has become degraded. the encryption algorithm algorithms
Masao Takeda
Kazuyuki Nakagawa Producer, Cyber Security Project, NTT
Senior Manager, Cyber Security Project, NTT Department III (R&D Strategy Department).
Department III (R&D Strategy Department). He received the B.E. and M.E. degrees in elec-
He received the B.E. and M.E. degrees in elec- trical engineering from Yamagata University,
tro-communications engineering from the Uni- Yonezawa, Yamagata in 1993 and 1995, respec-
versity of Electro-Communications, Chofu, tively. In 1995, he joined NTT Tohoku Branch
Tokyo in 1980 and 1982, respectively. In 1982, Office. He has been engaged in the planning of
he joined the Yokosuka Electrical Communica- multimedia services, the development of
tion Laboratories, Nippon Telegraph and Tele- advanced intelligent network systems, and the
phone Public Corporation (now NTT). He has planning of R&D strategy for information shar-
been engaged in the development of integrated ing platforms. In 2003, he moved to his present
business communication systems and intelligent post in NTT.
transport systems and the planning of R&D strat-
egy in the field of information sharing platforms.
In 2003, he moved to his present post in NTT. He
is a member of the Institute of Electronics, Infor-
mation and Communication Engineers (IEICE)
of Japan. Tetsuya Nakagawa
Senior Research Engineer, Supervisor, Plan-
ning Section, NTT Information Sharing Platform
Laboratories.
He received the B.E. and M.E. degrees in elec-
trical engineering from Waseda University,
Tokyo in 1986 and 1988, respectively. In 1988,
he joined NTT Transmission System Laborato-
ries. He has been engaged in system develop-
ment for Internet service providers and Internet
portal services and the planning of R&D strategy
in NTT Information Sharing Platform Laborato-
ries. In 2003, he moved to his present post in
NTT.